Within a datacenter, local passwords need to be accessible to multiple parties at all hours of the day and night. Such password access conventionally depends on manual practices (e.g., keeping handwritten notes of passwords). To improve upon manual practices, software-implemented solutions exist. However, the software-based techniques are overly "user centric". For example, a user changes a password locally on a machine (e.g., a server or client) and then updates a password management database. This user, however, retains knowledge of the new password after updating the database, and continues to know the password until it is changed again at some stage in the future. This retention of the password by one user is less than ideal for security reasons, since the password's secrecy then depends on that user for as long as it remains in force.
Other conventional methods of password management involve setting a single password on multiple machines. However, because the same password is used on multiple machines, one breach of one system may lead to breaches of many other systems. Other techniques are also problematic. For example, "server centric" techniques may use an Active Directory account to loop through a list of clients while remotely changing the password on each client. However, doing so requires high-level privileges on each target machine (the account must be able to administer local accounts there). It also requires very tight integration with each machine, thereby making massive rollout of the password management system impractical if many target machines are involved.
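The following PowerShell script is an added illustration of the "server centric" loop described above; it is not part of the original text and does not represent any particular product. It assumes the RSAT ActiveDirectory module, an Active Directory OU named OU=Datacenter,DC=example,DC=com (a hypothetical name), WinRM enabled on every target, and that the account running the script is a local administrator on every target, which is precisely the high-privilege requirement the text objects to.

```powershell
# Added example: the "server centric" approach of looping through AD clients
# and resetting a local account password on each. Not from the original page.
# Assumptions: RSAT ActiveDirectory module installed; WinRM reachable on targets;
# the caller is a local administrator on every target; the OU name is hypothetical.
Import-Module ActiveDirectory

$searchBase = 'OU=Datacenter,DC=example,DC=com'   # assumed OU, not from the page
$localAccount = 'Administrator'                    # local account to rotate

$targets = Get-ADComputer -Filter * -SearchBase $searchBase |
           Select-Object -ExpandProperty DNSHostName

$results = foreach ($computer in $targets) {
    # A distinct random password per machine avoids the shared-password problem
    # (one breach exposing every other machine) described in the text.
    $bytes = New-Object byte[] 24
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $plain = [Convert]::ToBase64String($bytes)

    try {
        # Runs with the caller's credentials on the remote host; it fails unless
        # the caller is a local administrator there. The plaintext travels inside
        # the encrypted WinRM session and is converted to a SecureString remotely.
        Invoke-Command -ComputerName $computer -ErrorAction Stop -ScriptBlock {
            param($name, $pwText)
            $secure = ConvertTo-SecureString $pwText -AsPlainText -Force
            Set-LocalUser -Name $name -Password $secure
        } -ArgumentList $localAccount, $plain

        # The operator now holds $plain for this host and must record it somewhere;
        # this is the retention problem the text raises for user-centric schemes too.
        [pscustomobject]@{ Host = $computer; Status = 'changed'; Password = $plain }
    } catch {
        [pscustomobject]@{ Host = $computer; Status = "failed: $($_.Exception.Message)"; Password = $null }
    }
}

$results | Format-Table -AutoSize
```

Two properties of this loop stand out. Every target must already trust the calling account as a local administrator and expose a management channel, so each new machine needs that integration before the loop can reach it; and the loop's output is a list of plaintext passwords that the operator must then store and protect, so the scheme moves the secret-handling problem rather than removing it.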
Still other methods simply change the password daily. However, this too is not scalable to large volumes of machines. For example, a datacenter with 100 machines may have difficulty if, each day, a system must issue a new password to each of the 100 machines, receive confirmation of the change from each, and so on. Also, such a system may require the database record for a client to be created in advance of the system changing its password. This too leads to poor scalability by complicating the initial rollout of the password management service.